Куда я попал?

SECURITM это SGRC система, автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Подробнее

Search Open Technical Databases: CDNs

Other sub-techniques of Search Open Technical Databases (5)

ID	Name
.001	DNS/Passive DNS
.002	WHOIS
.003	Digital Certificates
.004	CDNs
.005	Scan Databases

Adversaries may search content delivery network (CDN) data about victims that can be used during targeting. CDNs allow an organization to host content from a distributed, load balanced array of servers. CDNs may also allow organizations to customize content delivery based on the requestor’s geographical region. Adversaries may search CDN data to gather actionable information. Threat actors can use online resources and lookup tools to harvest information about content servers within a CDN. Adversaries may also seek and target CDN misconfigurations that leak sensitive information not intended to be hosted and/or do not have the same protection mechanisms (ex: login portals) as the content hosted on the organization’s website.(Citation: DigitalShadows CDN) Information from these sources may reveal opportunities for other forms of reconnaissance (ex: Active Scanning or Search Open Websites/Domains), establishing operational resources (ex: Acquire Infrastructure or Compromise Infrastructure), and/or initial access (ex: Drive-by Compromise).

ID: T1596.004

Sub-technique of: T1596

Tactic(s): Reconnaissance

Platforms: PRE

Version: 1.0

Created: 02 Oct 2020

Last Modified: 15 Apr 2021

Mitigation	Description
Mitigations
Pre-compromise	This category is used for any applicable mitigation activities that apply to techniques occurring before an adversary gains Initial Access, such as Reconnaissance and Resource Development techniques.

Detection

Much of this activity may have a very high occurrence and associated false positive rate, as well as potentially taking place outside the visibility of the target organization, making detection difficult for defenders. Detection efforts may be focused on related stages of the adversary lifecycle, such as during Initial Access.

References

Swisscom & Digital Shadows. (2017, September 6). Content Delivery Networks (CDNs) Can Leave You Exposed – How You Might Be Affected And What You Can Do About It. Retrieved October 20, 2020.

Связанные риски

Риск	Связи
Раскрытие информации о работниках организации из-за публикации информации в открытых источниках в интернете Конфиденциальность Раскрытие информации НСД
Раскрытие информации об ИТ инфраструктуре из-за публикации информации в открытых источниках в интернете Конфиденциальность Раскрытие информации

Каталоги

Техники ATT&CK:

T1589 Gather Victim Identity Information

T1589.002 Gather Victim Identity Information: Email Addresses

T1589.003 Gather Victim Identity Information: Employee Names

T1596 Search Open Technical Databases

T1596.001 Search Open Technical Databases: DNS/Passive DNS

T1596.002 Search Open Technical Databases: WHOIS

T1596.003 Search Open Technical Databases: Digital Certificates

T1596.005 Search Open Technical Databases: Scan Databases

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.